---
title: "Security Advisory March 2025"
slug: "security-advisory-march-2025"
updated: 2025-03-26T06:04:19Z
published: 2025-03-26T06:04:19Z
---


# Security Advisory March 2025

## **Security Advisory: Ingress-NGINX Kubernetes Vulnerabilities**

**Date Issued:** March 25, 2025

**Severity:** Critical

**Status:** Active

*Note: Status reflects current understanding at the time of advisory issuance.*

---

### **Overview**

Recent research has identified critical vulnerabilities in the Ingress-NGINX controller, a widely used component for managing external traffic in Kubernetes clusters. These vulnerabilities could potentially allow attackers to bypass security controls, escalate privileges, or disrupt cluster operations. For full technical details, refer to the original analysis by Wiz: [Ingress-NGINX Kubernetes Vulnerabilities](https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities).

---

### **Details**

- **Affected Component:** Ingress-NGINX controller for Kubernetes
- **Vulnerabilities:** Misconfigurations and design flaws in default setups may expose clusters to risks such as unauthorized access, data leakage, or denial-of-service attacks.
- **CVE Identifiers:**
  - CVE-2025-1097
  - CVE-2025-1098
  - CVE-2025-1974
  - CVE-2025-24513
  - CVE-2025-24514
- **Scope:** The admission controller must be accessible to an attacker for the vulnerabilities to be exploited.
- **Impact:** Successful exploitation could compromise sensitive workloads, expose internal services, or destabilize cluster availability.

---

### **Affected Versions**

- Traceable **SaaS customers are not affected**, as Traceable does not use the Ingress-NGINX controller.
- Traceable **OnPrem customers with publicly exposed** admission controllers are at **risk** and must immediately upgrade to version 1.20.2, available [here](https://downloads.traceable.ai/platform/installer/clustermgr/linux-amd64/traceable-clustermgr-1.20.2-linux-amd64.tgz).

---

### **Recommended Action**

Customers using Traceable OnPrem with publicly exposed admission controllers should update immediately. For any upgrade-related assistance or questions, contact **Traceable Support** at [support@traceable.ai](mailto:support@traceable.ai).
